In less than three weeks, the November 2 mid-term elections will be conducted across the country. In some places they will use traditional ballots, and in others newer electronic voting machines.
Last week two unsettling events occurred involving the safety and utility of electronic voting machines. The first involved a team of computer scientists, playing the role of hackers testing the vulnerabilities of a mock District of Columbia Election. The hackers were able to infiltrate Washington D.C.’s online voting system and were able to change all of the votes from one candidate to another.
The Team, which was from the University of Michigan, were asked to test the system by the District’s Board of Elections and ethics to test and find out if a system designed to allow overseas voters and military personnel had any security vulnerabilities.
The results were unsettling. It only took J. Alex Halderman, assistant professor of electrical engineering and computer science at University of Michigan, and his students 36 hours to compromise the system. In addition, they were able to find and locate a document that contained the names and 16-digit passwords of all the 937 individuals who were invited to use the system for the real election this upcoming November 2.
The second and most disturbing development was that professor Halderman, while offering testimony to a D.C. city council committee, last stated that he and his team also saw evidence that Iranian, and Chinese computers had been hacking into the D.C. Internet Voting System and were attempting to access the very same network infrastructure.
Halderman reported, “While we were in control of these systems we observed other attack attempts originating from computers in Iran and China.” He continued noting that, “These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded.”
How safe are Internet based voting systems? This question is still being hotly debated. But what is know is that Halderman’s team “found and exploited a vulnerability that gave [them] almost total control of the server software,” including the ability to overwrite every single ballot cast on the test system, change the votes on those ballots to write-in candidates, and discover the identities of all the voters. –torrance stephens
